Good idea Joel.

In the inventory file I can use

'bindPassword': '{{ ldap_bind_password }}'

and pass *-e ldap_bind_password=xxxxx* when running the playbook.

Ansible vault is probably the way to go but this will do for now.

Thanks!


On 24 October 2017 at 17:19, Joel Pearson <[email protected]>
wrote:

> Maybe if you use a vars yaml file, it might work? I was going to try it
> today, but I didn't get around to it, was hoping you'd get it working first?
>
> By a vars file I mean
>
> ansible-playbook -e "@varsfile.yml"
>
> With something like this in there, but obviously the encrypted bit
>
> openshift_master_identity_providers:
> - name: active_directory
>   challenge: 'true'
>   login: 'true'
>   kind: LDAPPasswordIdentityProvider
>   attributes:
>     email:
>     - mail
>     id:
>     - sAMAccountName
>     name:
>     - displayName
>     preferredUsername:
>     - sAMAccountName
>   insecure: 'true'
>   bindDN: 'CN=xxxx,OU=Azure Users,OU=DEH-Staff,DC=internal,DC=govt'
>   bindPassword: 'xxxx'
>   url: ldap://ad-lb.envris-os-dev.agiledigital.com.au:389/ou=deh-staff,dc=internal,dc=govt?samAccountName
>
>
> On Tue, Oct 24, 2017 at 4:59 PM Lionel Orellana <[email protected]>
> wrote:
>
>> Well adding this to the inventory file doesn't work (even if the files
>> are copied to masters beforehand).
>>
>> 'bindPassword': {'file': '/root/bindPassword.encrypted', 'keyFile':
>> '/root/bindPassword.key'},
>>
>> Is there any way to encrypt the bindPassword in the inventory file?
>>
>> On 21 October 2017 at 11:43, Lionel Orellana <[email protected]> wrote:
>>
>>> Looking at the master role it just copies the configuration from the
>>> inventory to the config file so I do have to copy the encryption files
>>> beforehand. Will have to try if the format in the inventory file is right.
>>>
>>> On Sat, 21 Oct 2017 at 9:15 am, Lionel Orellana <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I see there's a way to encrypt
>>>> <https://docs.openshift.org/latest/install_config/master_node_configuration.html#master-node-configuration-passwords-and-other-data> an
>>>> ldap bind password for use in the master configs.
>>>>
>>>> But I'm not sure how this would work in the Ansible inventory
>>>> configuration for the identity provider.
>>>>
>>>> If I use an Encrypted External File do I need to copy the file to all
>>>> the masters first? Or is the playbook going to copy it from the ansible
>>>> host?
>>>>
>>>> What should the openshift_master_identity_providers look like?
>>>>
>>>> openshift_master_identity_providers=[{'name': 'my_ldap_provider', ...,
>>>> 'kind': 'LDAPPasswordIdentityProvider', ..., *'bindPassword': {
>>>> 'file': 'bindPassword.encrypted'*
>>>> *    'keyFile': 'bindPassword.key'}*, ...}]
>>>>
>>>> Thanks
>>>>
>>>
>> _______________________________________________
>> users mailing list
>> [email protected]
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
> --
> Kind Regards,
>
> Joel Pearson
> Agile Digital | Senior Software Consultant
>
> Love Your Software™ | ABN 98 106 361 273
> p: 1300 858 277 | m: 0405 417 843 <0405417843> | w: agiledigital.com.au
>
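
As an added example (not from the thread or from openshift-ansible): a small Python check that classifies how each `bindPassword` in an inventory or vars file is supplied, covering the forms discussed above (literal, `{{ variable }}`, `file`/`keyFile` mapping) plus an inline `!vault` value, and reports the lines that hold a literal. The function names and the sample text are constructed for illustration.

```python
import re

# bindPassword key in both spellings used in the thread: YAML (bindPassword: ...)
# and the INI inventory's dict literal ('bindPassword': ...).
BIND_RE = re.compile(
    r"""['"]?bindPassword['"]?\s*:[ \t]*"""
    r"""(?P<value>\{\{.*?\}\}|\{[^}]*\}|!vault\b|'[^']*'|"[^"]*"|[^\s,}\]]*)"""
)

def classify(value):
    """Return how a bindPassword value is supplied."""
    v = value.strip()
    if not v:
        return "nested-mapping"   # block-style YAML mapping on the following lines
    if v.startswith("!vault"):
        return "vault"            # inline Ansible Vault value
    inner = v.strip("'\"").strip()
    if inner.startswith("{{") and inner.endswith("}}"):
        return "variable"         # resolved at run time (e.g. -e or a vars file)
    if v.startswith("{") and "file" in v:
        return "external-file"    # file/keyFile mapping, as tried in the thread
    return "plaintext"            # literal secret stored in the file itself

def audit(text):
    """Return (line_number, kind) for every bindPassword found in text."""
    return [(text.count("\n", 0, m.start()) + 1, classify(m.group("value")))
            for m in BIND_RE.finditer(text)]

def plaintext_lines(text):
    """Line numbers where the bind password is a literal."""
    return [line for line, kind in audit(text) if kind == "plaintext"]

# Constructed sample, modelled on the snippets in the thread (values are fake).
SAMPLE = """\
# constructed inventory / vars lines
openshift_master_identity_providers=[{'name': 'a', 'bindPassword': 'hunter2-constructed'}]
openshift_master_identity_providers=[{'name': 'b', 'bindPassword': '{{ ldap_bind_password }}'}]
openshift_master_identity_providers=[{'name': 'c', 'bindPassword': {'file': '/root/bindPassword.encrypted',
    'keyFile': '/root/bindPassword.key'}}]
  bindPassword: !vault |
  bindPassword: "xxxx"
"""

if __name__ == "__main__":
    for line, kind in audit(SAMPLE):
        print(f"line {line}: {kind}")
```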